Congress Gets Reality Check on Net Security


Forecasting a scenario in which hackers wreak havoc on pagers and computer systems worldwide, top Internet security experts told the House subcommittee on technology Tuesday that more government funds should be allocated for research into computer security.

"If you choose to pass on this one, the rules will be set by other countries, insurance companies, and lawyers," warned Daniel Geer, director of engineering for Open Market Inc., and creator of Kerberos security software. "You will also be exporting jobs instead of products."

Recent break-ins to the CIA, Justice Department, and Air Force Web sites have resulted in increased awareness of the lack of security in cyberspace. The General Accounting Office recently reported that the Defense Department was attacked 25,000 times last year, and 65 percent of the assaults were successful. Forbes magazine estimates financial losses as a result of computer break-ins at US$10 billion per year. And Geer said the government should not underestimate the power of the Internet, characterizing it as "Radio Free Europe on steroids."

Independent security consultant Daniel Farmer said at the hearing that all computer systems have about a 75 percent vulnerability rate. And, with the number of people going online doubling every six to eight months - not to mention the number of people doing business online - chances are that computer break-ins will become only more frequent.

"This is downright depressing," lamented Representative Vernon J. Ehlers (R-Michigan), who chaired part of the hearing.

But security celebrity Tsutomu Shimomura of the San Diego Supercomputer Center stressed that we already have some of the technology to stop many break-ins - strong cryptography. Shimomura told the members of Congress that without making strong cryptography legal to use and to export, hacking will continue, and worsen.

"It isn't economical for a company to develop products that can only be used in one country," he said, referring to the Clinton administration's mandate that allows only a maximum of 56-bit encryption to be exported, with a key escrow option.

Pleas from the security experts for more funding of computer security research and research institutions - such as the COAST Laboratory at Purdue University - may not have fallen on deaf ears.

"I frankly have no hope of educating the public on this," Ehlers said, remarking that computer hacking is more complex than the days when break-ins meant "tape over a door" during Watergate. But he added, "Hopefully policymakers will understand and take action."